package com.cindata

import grails.converters.JSON
import grails.plugin.springsecurity.SpringSecurityUtils
import org.springframework.security.access.annotation.Secured
import org.springframework.security.authentication.AccountExpiredException
import org.springframework.security.authentication.CredentialsExpiredException
import org.springframework.security.authentication.DisabledException
import org.springframework.security.authentication.LockedException
import org.springframework.security.core.context.SecurityContextHolder as SCH
import org.springframework.security.web.WebAttributes

import javax.servlet.http.HttpServletResponse

@Secured('permitAll')
class LoginController
{
    /**
     * Dependency injection for the authenticationTrustResolver.*/
    def authenticationTrustResolver

    /**
     * Dependency injection for the springSecurityService.*/
    def springSecurityService

    /**
     * Default action; redirects to 'defaultTargetUrl' if logged in, /login/auth otherwise.*/
    def index()
    {
        if (springSecurityService.isLoggedIn())
        {
            def principal = springSecurityService.principal
            String username = principal.username

            def u = User.findByUsername(username)

            session.user = u
            redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl
        }
        else
        {
            redirect action: 'auth', params: params
        }
    }

    /**
     * Show the login page.*/
    def auth()
    {
        def config = SpringSecurityUtils.securityConfig
        if (springSecurityService.isLoggedIn())
        {
            redirect uri: config.successHandler.defaultTargetUrl
            return
        }

        String view = 'auth'
        String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
        render view: view, model: [postUrl: postUrl, rememberMeParameter: config.rememberMe.parameter]
    }

    /**
     * The redirect action for Ajax requests.*/
    def authAjax()
    {
        response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
        response.sendError HttpServletResponse.SC_UNAUTHORIZED
    }

    /**
     * Show denied page.*/
    def denied()
    {
        if (springSecurityService.isLoggedIn() && authenticationTrustResolver.isRememberMe(SCH.context?.authentication))
        {
            // have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
            redirect action: 'full', params: params
        }
    }

    /**
     * Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page.*/
    def full()
    {
        def config = SpringSecurityUtils.securityConfig
        render view: 'auth', params: params,
               model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication),
                   postUrl: "${request.contextPath}${config.apf.filterProcessesUrl}"]
    }

    /**
     * Callback after a failed login. Redirects to the auth page with a warning message.*/
    def authfail()
    {
        String msg = ''
        def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
        if (exception)
        {
            if (exception instanceof AccountExpiredException)
            {
                // msg = g.message(code: "springSecurity.errors.login.expired")
                msg = g.message(code: "对不起，账号已过期，请联系管理员！")
            }
            else if (exception instanceof CredentialsExpiredException)
            {
                // msg = g.message(code: "springSecurity.errors.login.passwordExpired")
                msg = g.message(code: "对不起，账号已过期，请联系管理员！")
            }
            else if (exception instanceof DisabledException)
            {
                // msg = g.message(code: "springSecurity.errors.login.disabled")
                msg = g.message(code: "对不起，账号已被禁用，请联系管理员！")
            }
            else if (exception instanceof LockedException)
            {
                // msg = g.message(code: "springSecurity.errors.login.locked")
                msg = g.message(code: "对不起，账号已锁定，请联系管理员！")
            }
            else if (exception instanceof CustomIpFixedException)
            {
                msg = "对不起，请使用固定IP登录！"
            }
            else
            {
                msg = g.message(code: "对不起，用户名密码错误！")
            }

        }
        if (springSecurityService.isAjax(request))
        {
            render([error: msg] as JSON)
        }
        else
        {
            flash.message = msg
            redirect action: 'auth', params: params
        }
    }

    /**
     * The Ajax success redirect url.*/
    def ajaxSuccess()
    {
        render([success: true, username: springSecurityService.authentication.name] as JSON)
    }

    /**
     * The Ajax denied redirect url.*/
    def ajaxDenied()
    {
        render([error: 'access denied'] as JSON)
    }

    //写入当前选择城市
    def currentCity()
    {
        if (params["city"] != '-1')
        {
            session.setAttribute("currentCity", City.findByZoneNumber(params["city"]))
        }
        else if (params["city"] == '-1')
        {
            session.setAttribute("currentCity", new City(['zoneNumber': '-1']))
        }
        return 'ok'
    }
}
